32

When I was running Windows 7 on my Lenovo machine there was a pre-installed Lenovo utility which would make it so that anyone trying to see what my webcam sees would instead see a still image of a camera with a cross over it. And thus preventing applications and hackers without root privileges from seeing out of my webcam. I say root privileges because root privileges were required in order to change the settings of the program in order to allow programs to actually use my webcam and get what it sees rather than the still image.

This was a very useful utility for privacy and security reasons, however on Ubuntu I have been unable to find a similar utility which has the ability to do the same. Is there such a utility or is there any way of achieving what I have described?

I am running Ubuntu GNOME 16.04 with GNOME 3.20.

Braiam
  • 67,791
  • 32
  • 179
  • 269

3 Answers3

89

A foolproof way to block webcam input

Webcam blocker

Picture provided by Darkreading.com

MadMike
  • 4,244
  • 8
  • 28
  • 50
  • 37
    THE solution! No drivers required, cross-platform and no licences to worry about. – winny May 31 '16 at 13:26
  • 5
    I was going to say a sock, or shoot at it like in a robbery movie, but I think this solution is more elegant. –  May 31 '16 at 13:32
  • 1
    Yeah, this is probably the best way of doing it... :D Though if you do also find a software solution be sure to update your answer! ;) –  May 31 '16 at 13:46
  • @ParanoidPanda I will ask around in our hackerspace for a software solution. But from what I've seen on my fellow members laptops, this is the most common solution used. – MadMike May 31 '16 at 14:06
  • 11
    Wow you even have the luxurious decorative variant! For us lower class people a piece of tape is sufficient. – Gigala May 31 '16 at 14:51
  • Something like this might be an option if you don't like the look of this solution: http://www.amazon.com/LightDims-Black-Out-Electronics-Appliances/dp/B009WSN8PK – Jasper May 31 '16 at 16:59
  • 2
    Blocks visual input, but not auditory. – Andrew Lewis May 31 '16 at 19:21
  • 1
    Repeated application and removal means it'll fall off when you're not expecting it, possibly when you're not even nearby. – detly May 31 '16 at 21:38
  • 7
    This also works if somebody manages to get root permissions on your computer. – alex.forencich May 31 '16 at 22:04
  • @winny THE solution is arguably if customers stop buying hardware without this type of intrusive technology. – pipe May 31 '16 at 23:28
  • 14
    I think you would be hard pressed to find a computer that DOESN'T have a web cam these days. It costs so little to stick a crappy little camera in there that it's basically stupid for companies not to do so. Fortunately, it's easy to fix with a small piece of electrical tape, at least for the vision side. What would be nice, though, is a physical switch that completely disconnects the camera (not a software thing, something that physically cuts the power). – alex.forencich May 31 '16 at 23:31
  • This thread made me laugh today, as we were discussing this very topic in the office about an hour ago. I've used the foolproof method on every computer I've owned for the last half decade, at least. http://i.imgur.com/Zyey9aU.jpg – Aaron Lavers Jun 01 '16 at 06:12
  • 3
    I have good experiences with duct-tape over the camera. Especially if the frame of your laptop is the same colour as the tape, since it won't be as distracting. – Mast Jun 01 '16 at 08:51
  • 3
    One thing to add is if you do take this approach (which I did on my last three laptops), protect the lens. I'm not sure that the antiseptic or adhesive wouldn't interact with the lens material stopping it from working if you do decide to use it. I'd recommend using a small piece of thin card or paper held over the lens with a piece of black insulating tape - it's more unobtrusive. – mcottle Jun 01 '16 at 08:55
  • Instead of a band-aid, you can use a piece of paper. Also, if the laptop is old, you will be better off if you disconnect the cables. – Ismael Miguel Jun 01 '16 at 13:07
  • 2
    Although covering the camera physically is the easiest way, please don't use things like a band-aid or simple strong duct-tape. It will probably leave traces of glue there when you decide to remove it again and might even somehow react with the material of your case or lens and destroy it or make it ugly. Use some kind of tape that is easy to remove and known not to leave any glue traces behind. It's also good to place a piece of clean paper over the lens to prevent it from getting dirty. I personally use two small pieces of a post-it, with the sticky parts on the left and right of the cam. – Byte Commander Jun 01 '16 at 13:53
  • 3
    The eeepc had a physical switch that would move a piece of plastic in front of the lense. It's a shame this was not adapted to other laptops. – spectras Jun 01 '16 at 14:23
  • @ByteCommander I would assume the non-sticky part of the bandage is covering the actual lens. Personally, I use electrical tape with a piece facing opposite over the lens (sticky parts together) so there is no glue residue on the lens. –  Jun 01 '16 at 21:49
  • Another option is one of the many sliding camera covers made exactly for this purpose. – Johnny Jun 02 '16 at 01:59
  • 2
    I've got an Acer One 14 and its built-in camera is dead out of the box. Couldn't find a way to make it work. So it looks like a perfect choice for securing your privacy, thanks to the famous Acer quality. – wintermute Jun 02 '16 at 04:03
  • 2
    This is the most unprofessional answer I've seen on this site and I'm shocked it's been accepted. Sure, it's funny, but giving this solution as a professional would get you fired. – Delorean Jun 07 '16 at 15:53
  • @XToro sure my answer is meant half-jokingly. The question text says that a software way is wanted. But now, on a more note: what exactly is unprofessional about physically blocking an internal webcam? – MadMike Jun 07 '16 at 16:20
  • 1
    @MadMike because he asked it in a software manner, mentioning root privileges and showing an alternate image in place of the webcam feed. This is like someone complaining that their caps lock doesn't work on the software-side of things, and then my solution is to give them a small weight to hold down the shift key and call it fixed. That's just as unprofessional. – Delorean Jun 07 '16 at 16:42
15

Disable the webcam kernel module:

modprobe -r uvcvideo

uvcvideo is the most common module name. If not found, check lsmod | grep uvcv and you'll get the module name.

This will disable it for this session.

To make it permanent, add blacklist + module name to /etc/modprobe.d/blacklist.conf. (Like blacklist uvcvideo)

  • 1
    Doesn’t a user have to be in the video group to access the webcam in the first place? – Michael May 31 '16 at 19:53
  • @Michael so? If some code (i.e. malware) running under your user account tries to access the webcam, it will have the correct permissions. So you could take yourself out of the video group, but then you would have to log out for the change to take effect. And it would not help against an attacker that does manage to get root permissions. – alex.forencich May 31 '16 at 22:03
  • 3
    @alex.forencich Disabling the driver does not help against someone with root permissions either. – pipe May 31 '16 at 23:26
  • 1
    Not disputing that. My point was that if you're in the video group so you can access the webcam, then any software running as your user can also access the webcam. And switching what groups you are in requires logging in and out while adding/removing a kernel module does not. – alex.forencich May 31 '16 at 23:28
  • @pipe Of course a process with root permissions can use the webcam without a kernel module being loaded, but wouldn't it have to be specially designed to do so? Having to either load the uvcvideo driver, or reimplement (the core of) the driver itself? (Just for curiosity) – David Z Jun 01 '16 at 19:13
  • @DavidZ it could simply load the module. If I wrote malware to use the camera I'd make sure the driver is loaded, so I assume they do. – pipe Jun 01 '16 at 21:58
  • @pipe I know malware could simply load the module, assuming it is compiled. My question was, does it have to do so? Or are you saying that malware could use the camera without loading the module (or some equivalent driver) at all? – David Z Jun 02 '16 at 03:14
  • Without the blacklist, depending on configuration, the module might get automatically reloaded eg when the webcam is plugged/unplugged... – rackandboneman Jun 02 '16 at 11:20
  • 1
    This does not block input to the webcam. Most webcams are connected via USB and users with the right permissions can interact directly with USB devices regardless of whether a kernel module is loaded for them or not (see libusb). – Nathan Osman Mar 28 '17 at 23:35
  • Also, this does not deal with the issue of rogue firmware running on a device. Physical disconnection is the only way to be sure. – Nathan Osman Mar 28 '17 at 23:39
10

Another foolproof solution that wouldn't work for everyone:

Open the laptop up, and unplug the webcam. Use an external webcam instead, pluggin it in only as required. I actually did this in the opposite order as the internal webcam was poor quality and I didn't want it on the same angle as the screen.

Chris H
  • 321
  • 4
  • 11
  • 2
    Most USB cameras in laptops are connected internally via USB, so if you wanted to really be clever, you could splice the data wires (data+ and data-) and connect an external switch to them. Then you could simulate plugging in and unplugging the webcam without opening up the device. – Nathan Osman Mar 28 '17 at 23:31
  • @NathanOsman indeed. I considered repurposing the connection for a Bluetooth dongle on my netbook (and a switch between the two). lsusb is your friend here if your want to check before taking screws out. – Chris H Mar 29 '17 at 05:36